Secure File Transfer Appliance Security Policy Document Version 1.9. Accellion, Inc.




Secure File Transfer Appliance Security Policy
Document Version 1.9
Accellion, Inc.
November 11, 2010

Copyright Accellion, Inc. 2010. May be reproduced only in its original entirety [without revision].

TABLE OF CONTENTS

1. MODULE OVERVIEW
2. SECURITY LEVEL
3. MODES OF OPERATION
4. PORTS AND INTERFACES
5. IDENTIFICATION AND AUTHENTICATION POLICY
6. ACCESS CONTROL POLICY
   ROLES AND SERVICES
   DEFINITION OF CRITICAL SECURITY PARAMETERS (CSPS)
   DEFINITION OF CSPS MODES OF ACCESS
7. OPERATIONAL ENVIRONMENT
8. SECURITY RULES
9. PHYSICAL SECURITY POLICY
   PHYSICAL SECURITY MECHANISMS
   OPERATOR REQUIRED ACTIONS
10. MITIGATION OF OTHER ATTACKS POLICY
11. DEFINITIONS AND ACRONYMS

1. Module Overview

The Accellion Secure File Transfer Appliance (HW P/N ACFIPS-01 Version 1.0.0; FW Version FTA_8_0_3, FTA_8_0_136, and FTA_8_0_488) is a multi-chip standalone cryptographic module as defined in the FIPS 140-2 standard. The cryptographic boundary is the external surface of the hard, opaque, commercial grade metal case. The primary purpose of this device is to provide data security for file transfers.

Figure 1: Image of the Cryptographic Module

2. Security Level

The Secure File Transfer Appliance cryptographic module meets the overall requirements applicable to Level 2 security of FIPS 140-2.

Table 1 - Module Security Level Specification

Security Requirements Section       | Level
------------------------------------|------
Cryptographic Module Specification  | 2
Module Ports and Interfaces         | 2
Roles, Services and Authentication  | 3
Finite State Model                  | 2
Physical Security                   | 2
Operational Environment             | N/A
Cryptographic Key Management        | 2
EMI/EMC                             | 2
Self-Tests                          | 2
Design Assurance                    | 2
Mitigation of Other Attacks         | N/A

3. Modes of Operation

The Secure File Transfer Appliance cryptographic module only supports a FIPS Approved mode of operation; it is placed into FIPS mode when initialized with a valid license key. The user can determine whether the cryptographic module is running in FIPS mode by executing the Show Status service.

Approved mode of operation

The Secure File Transfer Appliance module supports the following FIPS Approved algorithms:

- AES ECB mode with 128 bit keys for decryption of the file (Cert. #843)
- AES CBC mode with 128 bit keys for decryption of the license (Cert. #844)
- AES CBC mode with 128 and 256 bit keys for encryption and decryption in the TLS (Cert. #845)
- TDES TCBC mode for encryption and decryption in the TLS (Cert. #771)
- HMAC SHA-1 for message authentication (Cert. #468)
- DSA with 1024 bit keys for digital signature verification (Cert. #307)
- SHA-1 for hashing (used with TLS implementation) (Cert. #836)
- SHA-1 for hashing (used with HMAC implementation) (Cert. #835)
- SHA-1 for hashing (used with DSA implementation) (Cert. #842)

The Secure File Transfer Appliance module supports the following FIPS allowed algorithms and protocols:

- TLS/SSL 3.1 for secure communications and key establishment
- NDRNG to generate passwords (2 implementations, one for PHP and one for Perl)
- AES key wrap per the AES Key Wrap Specification (Cert. #845, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength)
- Triple-DES (Cert. #771, key wrapping; key establishment methodology provides 80 bits of encryption strength)
- RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

The Secure File Transfer Appliance module supports the following non-FIPS Approved algorithms, which do not support any security relevant operations:

- Blowfish for encryption
- MD5 for hashing

4. Ports and Interfaces

The Secure File Transfer Appliance module provides the following physical ports and logical interfaces:

- Two 10/100/1000 Ethernet ports: data input, data output, control input, status output
- Serial port (RS232-C): not used, disabled
- Keyboard port: control input
- Mouse PS/2 port: control input
- Two Video ports: status output
- Four USB ports: control input
- 10/100 Ethernet (for Integrated Lights Out Management (HP model)): control input, status output (Note: A tamper label covers this port)
- PCI Express slots: not used, disabled (protected by metal)
- Power port(s): power input

5. Identification and Authentication Policy

The Secure File Transfer Appliance module shall support three distinct operator roles (User, Cryptographic Officer and Accellion Support). The cryptographic module shall enforce the separation of roles using identity-based operator authentication. An operator must enter a username and its password or possess the Accellion Support DSA key to log in. For the User role and the Cryptographic Officer role, the username is an alphanumeric string of 1 to 15 characters. For the Accellion Support role, the username is an alphanumeric string of 8 characters. The passwords are an alphanumeric string of minimum 6 characters randomly chosen from the 94 ASCII characters. Upon correct authentication, the role is selected based on the username of the operator.

Table 2 - Roles and Required Identification and Authentication

Role                  | Type of Authentication                 | Authentication Data
----------------------|----------------------------------------|----------------------
User                  | Identity-based operator authentication | Username and Password
Cryptographic Officer | Identity-based operator authentication | Username and Password
Accellion Support     | Identity-based operator authentication | 1024-bit DSA key

Table 3 - Strengths of Authentication Mechanisms

Authentication Mechanism | Strength of Mechanism
-------------------------|----------------------
Username and Password    | The probability that a random attempt will succeed or a false acceptance will occur is 1/94^6, which is less than 1/1,000,000. Passwords are a minimum length of 6 characters from a pool of 94 possible characters (i.e., printable characters only). The probability of successfully authenticating to the module within one minute is 1/(94^6/5), which is less than 1/100,000. The module can be configured to a specified number of unsuccessful attempts.
1024 bit DSA Key         | The probability that a random attempt will succeed or a false acceptance will occur is 1/2^80, which is less than 1/1,000,000. The DSA key provides 80 bits of encryption strength, and the processing capabilities of the module aren't sufficient to support the number of attempts required to correctly guess the key in less than one minute.
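The bounds in Table 3 rest on two numbers: the size of the password space and the attempt rate the lockout leaves an attacker. The following Python, added here as an illustration and not Accellion's code, computes those bounds generally (for any alphabet size, minimum length and attempt rate, and for a key-based mechanism rated in bits) and pairs them with a lockout counter of the kind the table mentions, persisted to disk so the wait period survives a restart as the vendor rule in section 8 requires. The 94-character alphabet, 6-character minimum, five-failure limit and 60 second wait are taken from the policy's own figures; the file path, class and function names are the example's own assumptions.

```python
"""Added example (not Accellion code): FIPS 140-2 authentication-strength
bounds computed generally, plus a persisted lockout counter that is what
keeps the assumed attempt rate (5 per minute in Table 3) honest."""
from dataclasses import dataclass
from fractions import Fraction
import json
import os
import tempfile
import time

# FIPS 140-2 thresholds for the strength of an authentication mechanism
SINGLE_ATTEMPT_BOUND = Fraction(1, 1_000_000)
ONE_MINUTE_BOUND = Fraction(1, 100_000)


def password_strength(alphabet_size, min_length, attempts_per_minute):
    """Bounds for guessing the shortest password the policy accepts."""
    keyspace = alphabet_size ** min_length
    p_single = Fraction(1, keyspace)
    p_minute = Fraction(attempts_per_minute) / keyspace
    return {"keyspace": keyspace, "p_single": p_single, "p_minute": p_minute,
            "single_ok": p_single < SINGLE_ATTEMPT_BOUND,
            "minute_ok": p_minute < ONE_MINUTE_BOUND}


def key_strength(security_bits, attempts_per_minute):
    """Same bounds for a key mechanism rated at `security_bits` of strength
    (Table 3 rates the 1024-bit DSA key at 80 bits)."""
    return password_strength(2, security_bits, attempts_per_minute)


def max_attempts_per_minute(max_failures, wait_seconds):
    """Worst-case guess rate a lockout allows: a full burst of failures,
    then the forced wait, repeated without pause."""
    return Fraction(max_failures * 60, wait_seconds)


@dataclass
class LockoutPolicy:
    max_failures: int = 5      # the policy advises no more than five
    wait_seconds: int = 60     # configurable wait period (assumed value)


class LoginGuard:
    """Counts consecutive password failures and enforces the wait period.
    State is written to disk, so a power cycle cannot clear an active lockout
    (this relies on the module's clock surviving the power cycle)."""

    def __init__(self, policy, state_path, clock=time.time):
        self.policy, self.state_path, self.clock = policy, state_path, clock
        try:
            with open(state_path) as fh:
                self.state = json.load(fh)
        except (FileNotFoundError, ValueError):
            self.state = {"failures": 0, "locked_until": 0.0}

    def _save(self):
        tmp = self.state_path + ".tmp"
        with open(tmp, "w") as fh:
            json.dump(self.state, fh)
        os.replace(tmp, self.state_path)   # atomic: a crash mid-write cannot drop the lock

    def attempt_allowed(self):
        return self.clock() >= self.state["locked_until"]

    def record(self, success):
        """Call after each password check; returns True if the account is now locked."""
        if success:
            self.state = {"failures": 0, "locked_until": 0.0}
        else:
            self.state["failures"] += 1
            if self.state["failures"] >= self.policy.max_failures:
                self.state = {"failures": 0,
                              "locked_until": self.clock() + self.policy.wait_seconds}
        self._save()
        return not self.attempt_allowed()


def lockout_survives_restart():
    """Constructed scenario: five failures, a simulated power cycle (a new
    LoginGuard reading the same file), then the wait period elapsing.
    Returns (locked_before_restart, locked_after_restart, open_after_wait)."""
    now = [1_000_000.0]                      # fake clock keeps the example deterministic
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "lockout.json")
        guard = LoginGuard(LockoutPolicy(), path, clock=lambda: now[0])
        for _ in range(5):
            guard.record(False)
        before = not guard.attempt_allowed()
        rebooted = LoginGuard(LockoutPolicy(), path, clock=lambda: now[0])
        after = not rebooted.attempt_allowed()
        now[0] += 60
        return before, after, rebooted.attempt_allowed()


if __name__ == "__main__":
    r = password_strength(94, 6, max_attempts_per_minute(5, 60))
    print(f"keyspace 94^6 = {r['keyspace']}, single-attempt bound met: {r['single_ok']}, "
          f"one-minute bound met: {r['minute_ok']}")
    print("lockout (before restart, after restart, after wait):", lockout_survives_restart())
```

The one-minute bound is only as good as the lockout that enforces the attempt rate, which is why the vendor rule insists the wait period hold across a momentary power loss; the guard above stores an absolute expiry time rather than a countdown so that a reboot reads the same deadline back.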

6. Access Control Policy

Roles and Services

Table 4 - Services Authorized for Roles

User:
- Decrypt Data: This service AES decrypts ciphertext data passed into the cryptographic module using the AES 128 File Decryption Key.
- File Transfer: This service transfers the requested file over an SSL 3.1 or TLS connection.
- Administer Account: This service allows the user to change the settings on his/her own account.
- Establish Connection: This service allows an SSL 3.1 or TLS connection to be established.
- Disconnect: This service allows an SSL 3.1 or TLS connection to end.

Cryptographic Officer:
- Administer Users: User account maintenance.
- Administer Module: Configure the module, such as network settings, file management settings, etc.
- Establish Connection: This service allows an SSL 3.1 or TLS connection to be established.
- Disconnect: This service allows an SSL 3.1 or TLS connection to end.
- Show Status: Provide status information for the module.
- Firmware Loads: Load new firmware updates into the module.
- File Management: Delete and replicate files.
- Shutdown/restart: Shutdown the module or restart to run self-tests.
- Enable Organizational File Download: Allow download links to be forwarded to users for download within an organization following authentication.
- Enable Non-Confidential Delivery: Allow anonymous file downloads.
- Zeroize: Wipe all secret and private keys and CSPs from the module's hard disk and volatile memory.
- ALCS: Configure the module to act in a clustering mode with another module.

Accellion Support:
- Administration Functions: Support administration and configuration.

Unauthenticated Services: The Secure File Transfer Appliance module supports the following service that does not require an operator to assume an authorized role:
- Self-Tests: Automatically runs the self-tests necessary for FIPS 140-2.

Definition of Critical Security Parameters (CSPs)

The following are CSPs contained in the module:
- Key Encryption Key (KEK): This is an AES 128 bit key used for encryption/decryption of the AES 128 file decryption key.
- License Key: This is an AES 128 key used to decrypt the license file.
- Accellion TLS Key: This key is used for TLS connections (the factory shipped 1024 bit RSA key is replaced by the customer).
- Customer TLS Key: This key is used for TLS connections, 1024 bit RSA key.
- TLS Session Key: TDES or AES 128/256 bit key used in TLS session.
- File Decryption Key: This is an AES 128 key used to decrypt a file stored on the Secure File Transfer Appliance's hard disk.
- HMAC Key: This key is used by the login API.
- CO Password: Used to authenticate the CO.
- User Password: Used to authenticate the User.

Definition of Public Keys

The following are the public keys contained in the module:
- RSA Public Key: Checks the signature of the license.
- RSA Public Key TLS: 1024 bit RSA key used in TLS which can be replaced by the customer.
- DSA Public Key for Firmware Load: A DSA 1024 bit key used to authenticate firmware loads.
- DSA Accellion Support Public Key: A DSA 1024 bit key used to authenticate the Accellion Support role.

Definition of CSPs Modes of Access

Table 5 defines the relationship between access to CSPs and the different module services. The modes of access shown in the table are defined as follows:
- Use (U): This operation uses the identified CSP.
- Store (S): This operation stores the identified CSP into persistent storage.
- Zeroize (Z): This operation actively overwrites the identified CSP.

Table 5 - CSP Access Rights within Roles & Services

CSP columns, in order: Key Encryption Key; License Key; Accellion/Customer TLS Key; TLS session key; File Decryption Key; HMAC Key; Crypto Officer Password; User Password. The access marks below are listed in the order they appear in the source table; the column each mark falls in was not preserved in this transcription.

Role(s)              | Service                                                                | CSP access marks
---------------------|------------------------------------------------------------------------|-----------------
User                 | Decrypt Data                                                           | U U U U
User                 | File Transfer                                                          | U U U
User                 | Administer Account                                                     | U U U,S U,S
User, Crypto Officer | Establish Connection                                                   | U U U U U
User, Crypto Officer | Disconnect                                                             | (none)
Crypto Officer       | Administer Users                                                       | U U U U,S S
Crypto Officer       | Administer Module                                                      | U U,S U U
Crypto Officer       | Show Status                                                            | U U U U
Crypto Officer       | Firmware Loads                                                         | U U U U
Crypto Officer       | File Management                                                        | U U U
Crypto Officer       | Shutdown/restart                                                       | U U U U
Crypto Officer       | Enable Organizational File Downloads; Enable Non-Confidential Delivery | U U U U U U U U (marks of both rows together)
Crypto Officer       | ALCS                                                                   | U U S S,U S
Crypto Officer       | Zeroize                                                                | Z Z Z Z Z Z Z Z (all eight CSPs)
Accellion Support    | All Administration Functions                                           | (none)

7. Operational Environment

The FIPS 140-2 Area 6 Operational Environment requirements are not applicable because the Secure File Transfer Appliance does not contain a modifiable operational environment.

8. Security Rules

The Secure File Transfer Appliance cryptographic module's design corresponds to the cryptographic module's security rules. This section documents the security rules enforced by the cryptographic module to implement the security requirements of this FIPS 140-2 Level 2 module.

1. The cryptographic module shall provide the following distinct operator roles:
   - User role
   - Cryptographic Officer role
   - Accellion Support role
   The Accellion Support role exists to facilitate troubleshooting and diagnostic activities for customers that elect this service.
2. The cryptographic module shall provide identity-based authentication.
3. When the module has not been placed in a valid role, the operator shall not have access to any cryptographic services.
4. When the cryptographic module is power cycled, any authenticated operators must reauthenticate to the module to re-enter their desired role.

5. The cryptographic module shall encrypt message traffic using the TLS/SSL 3.1 algorithm.
6. The cryptographic module shall perform the following tests:
   A. Power up Self-Tests:
      1. Cryptographic algorithm tests:
         a. AES ECB decryption KAT (for decryption of the file)
         b. AES CBC decryption KAT (for decryption of the license) (2 tests)
         c. AES CBC encryption/decryption KAT (for encryption/decryption in TLS) (2 tests)
         d. TDES KAT (used with TLS implementation)
         e. HMAC SHA-1 KAT
         f. DSA verify KAT
         g. SHA-1 KAT (used with TLS implementation)
         h. SHA-1 KAT (used with HMAC implementation)
         i. SHA-1 KAT (used with DSA implementation)
      2. Firmware Integrity Test: EDC used
      3. Critical Functions Tests: None
   B. Conditional Self-Tests:
      1. NDRNG Continuous RNG Test (used with PHP)
      2. NDRNG Continuous RNG Test (used with Perl)
      3. Firmware Load Test using DSA with SHA-1
7. At any time the cryptographic module is in an idle state, the operator shall be capable of commanding the module to perform the power-up self-test.
8. Prior to each use, the internal RNG shall be tested using the conditional test specified in FIPS 140-2 section 4.9.2.
9. Status information shall not contain CSPs or sensitive data that, if misused, could lead to a compromise of the module.

This section documents the security rules imposed by the vendor:

1. Presently, the module will support a maximum of 200 concurrent individual users. Tens of thousands may be defined on the appliance.
2. If the cryptographic module remains inactive for the Cryptographic Officer role for a configurable timeout period (maximum period of 60 minutes), the module shall automatically log out the operator. If the cryptographic module remains inactive for the User role for a maximum period of 180 minutes, the module shall automatically log out the operator.
3. The module enforces a timed access protection mechanism that supports a preconfigurable number of unsuccessful authentication attempts. After the configured number of consecutive unsuccessful password validation attempts has occurred, the cryptographic module shall enforce a (configurable) wait period before any more login attempts can be made. This wait period shall be enforced even if the module power is momentarily removed. Note that it is advised that the number of unsuccessful authentication attempts should not exceed five.

9. Physical Security Policy

Physical Security Mechanisms

The Secure File Transfer Appliance multi-chip standalone cryptographic module includes the following physical security mechanisms:
- Production-grade components
- Production-grade opaque enclosure with tamper evident seals
- Protected vents

The following excluded components are non-security relevant:
- Removable power supplies in the rear of the module
- Power regulator components in the power supply bay

Operator Required Actions

The Cryptographic Officer is required to periodically inspect the tamper evident seals, enclosure, and vents. If suspicious markings are found, it is encouraged that the cryptographic module be zeroized and returned to the manufacturer; the Cryptographic Officer should assume that the cryptographic module has been fully compromised and must abide by the restrictions required by the Cryptographic Officer's organizational security policy.

Table 6 - Inspection/Testing of Physical Security Mechanisms

Physical Security Mechanism | Recommended Frequency of Inspection/Test | Inspection/Test Guidance Details
----------------------------|------------------------------------------|---------------------------------
Tamper Evident Seals        | As specified per end user policy.        | Visually inspect the labels for tears, rips, dissolved adhesive, and other signs of malice.
Opaque enclosure            | As specified per end user policy.        | Visually inspect the enclosure for broken screws, bent casing, scratches, and other questionable markings.
Protected vents             | As specified per end user policy.        | Visually inspect the vents for tears, bent baffles, and other signs of tampering on the dust filters or vents themselves.

Figure 2: Right Vent Dust Filter Placement
Figure 3: Tamper Evident Seal on Top Cover Latch
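As an added illustration, not Accellion's code, the following Python shows the structure of the power-up and conditional self-tests listed under security rule 6 above: known-answer tests checked against published vectors, a firmware integrity check, and the FIPS 140-2 section 4.9.2 continuous RNG test together with the failure mode it exists to catch (a source that keeps returning the same block). The function names, the constructed firmware image and the choice of CRC-32 as the EDC are assumptions (the policy says only that an EDC is used); the AES, TDES and DSA KATs are omitted because Python's standard library has no implementations of those algorithms.

```python
"""Added example (not Accellion code): a self-test harness with the shape of
rule 6. SHA-1("abc") is the FIPS 180 example vector; the HMAC-SHA-1 vector is
RFC 2202 test case 1. The continuous RNG test follows FIPS 140-2 4.9.2: the
first block after power-up is saved but never output, and every later block
must differ from the one before it."""
import hashlib
import hmac
import os
import zlib


class SelfTestError(Exception):
    """A failed test: a FIPS module enters an error state and stops
    providing cryptographic services until the tests pass."""


# --- Power-up known-answer tests (rule 6.A.1) ------------------------------
def sha1_kat():
    expected = "a9993e364706816aba3e25717850c26c9cd0d89d"   # SHA-1("abc")
    return hashlib.sha1(b"abc").hexdigest() == expected


def hmac_sha1_kat():
    expected = "b617318655057264e28bc0b6fb378c8ef146be00"   # RFC 2202 case 1
    return hmac.new(b"\x0b" * 20, b"Hi There", hashlib.sha1).hexdigest() == expected


# --- Firmware integrity test (rule 6.A.2) ----------------------------------
FIRMWARE_IMAGE = b"constructed firmware image for the example"   # constructed sample
FIRMWARE_EDC = zlib.crc32(FIRMWARE_IMAGE)   # value stored beside the image at build time (CRC-32 assumed)


def firmware_integrity_ok(image, stored_edc):
    return zlib.crc32(image) == stored_edc


def power_up_self_tests():
    """Run every power-up test and raise on the first failure; a module
    must refuse service rather than continue with a failed test."""
    results = {
        "SHA-1 KAT": sha1_kat(),
        "HMAC SHA-1 KAT": hmac_sha1_kat(),
        "Firmware integrity (EDC)": firmware_integrity_ok(FIRMWARE_IMAGE, FIRMWARE_EDC),
    }
    failed = [name for name, ok in results.items() if not ok]
    if failed:
        raise SelfTestError("power-up self-test failed: " + ", ".join(failed))
    return results


# --- Conditional test: continuous RNG test (rules 6.B.1, 6.B.2 and 8) -------
class ContinuousRngTest:
    def __init__(self, source, block_size=16):
        self.source = source          # callable(n) -> n random bytes
        self.block_size = block_size
        self.previous = None

    def next_block(self):
        if self.previous is None:
            self.previous = self.source(self.block_size)   # first block: saved, never output
        block = self.source(self.block_size)
        if block == self.previous:
            raise SelfTestError("continuous RNG test failed: output block repeated")
        self.previous = block
        return block


def crngt_rejects(source, draws=4):
    """True if the continuous test trips within `draws` blocks from `source`."""
    test = ContinuousRngTest(source)
    try:
        for _ in range(draws):
            test.next_block()
    except SelfTestError:
        return True
    return False


def healthy_source(n):
    return os.urandom(n)


def stuck_source(n):
    """Constructed failure mode: a source that returns the same block forever."""
    return b"\x00" * n


if __name__ == "__main__":
    print(power_up_self_tests())
    print("healthy source trips CRNGT:", crngt_rejects(healthy_source, draws=64))
    print("stuck source trips CRNGT:", crngt_rejects(stuck_source))
```

Two points worth carrying over from the rules into any implementation: the continuous test runs before each use of the NDRNG output (rule 8), not only at power-up, and a failure of any test must stop the module from providing cryptographic services rather than merely being logged.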

Figure 4: Tamper Seals over Front Hard Drives
Figure 5: Rear Tamper Seals

Figure 6: Tamper Seals inside Left Power Supply Slot

10. Mitigation of Other Attacks Policy

The module has not been designed to mitigate specific attacks outside of the scope of FIPS 140-2.

11. Definitions and Acronyms

AES    Advanced Encryption Standard
ALCS   Accellion Local Cluster Service
API    Application Program Interface
CO     Cryptographic Officer
CSP    Critical Security Parameter (as defined in FIPS 140-2)
DES    Data Encryption Standard
DSA    Digital Signature Algorithm
EMC    Electromagnetic Compatibility
EMI    Electromagnetic Interference
FIPS   Federal Information Processing Standard
HMAC   Keyed-Hash Message Authentication Code
MD5    Message-Digest Algorithm 5
NDRNG  Nondeterministic Random Number Generator
RNG    Random Number Generator
RPM    Red Hat Package Manager
RSA    Rivest, Shamir and Adleman Algorithm
SHA    Secure Hash Algorithm
SSH    Secure Shell
SSL    Secure Sockets Layer
TLS    Transport Layer Security
USB    Universal Serial Bus